Dual Hubs & Single DMVPN

Similar Messages

• Different between Dual hub-dual DMVPN cloud Vs Dual hub-single DMVPN cloud

  please explain
  different between Dual hub-dual DMVPN cloud Vs Dual hub-single DMVPN cloud

  Thanks Paul, I have looked over this design guide as this was the fist place i went.  however, i cannot find a configuration example for dual hub/single cloud.
  i see the high level design and know you can do it.   but it doesnt show what the configuration would look like...unless i am just reading over it.
  Thanks

• Dual cloud dual hub single tier dmvpn with backup service provider

  Hi,
  I have a design issue with a WAN network. I have decided to use dual cloud dual hub single tier DMVPN topology (ref. to http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008075ea98.pdf - "Dynamic Multipoint VPN (DMVPN) Design Guide"). I have tested in lab 2 hubs and 3 spokes, applying the mentioned technology. Everything is OK, when the primary hub fails, there is only 1-3 seconds loss (3 pings).
  The problem is that each spoke and hub will have 2 service providers for WAN - primary and backup. I am still wondering which design is better and more stable to implement - using more DMVPN clouds (for the backup service provider network) or creating static IPSEC GRE tunnels in the backup links?
  Is there a guide for this case?
  What is the best practice in this case?
  Thanks in advance,
  Mladen

  Dynamic spoke-to-spoke requires your spoke routers to have mGRE tunnel interfaces. If you ever have a spoke which sources 2 tunnels from the same physical interface, you have a problem: how to resolve which tunnel is an incoming NHRP request for?
  My DMVPN is a bit different in that the crypto is GETVPN on the physical interface. There is a crypto-map applied to the physical interface and it has 2 entries which correspond to the GETVPN crypto-groups for each tunnel.
  I resolved this issue by making one of the 2 tunnels on each spoke router mGRE and the 2nd one point to point. the mGRE tunnel is preferred as primary (we use eBGP through the tunnel, so routes received through the mGRE tunnel are local-pref'd high and we AS path prepend routes advertised out the point-to-point tunnel)
  I haven't gone back and tested what happens when you have a spoke which has 2 tunnels sourced from the same interface and another spoke with 2 tunnels sourced from the same interface or from 2 different physical interfaces. The concern is that you may get a situation where one router uses Tunnel 2 for dynamic spoke-to-spoke tunneling, and the other uses Tunnel1, and that the dynamic tunnel setup fails because the crypto map cannot properly decide which crypto group to use for the incoming traffic on the router where 2 tunnels use the same physical interface.

• DMVPN DUAL HUB SINGLE CLOUD CONFIGURATION EXAMPLE

  Hi,
  I am looking for a simple configuration for a dmvpn network running eigrp with two hubs on a single cloud.
  Do i just create two nhs entries, nhrp map entries, and two multicast entries on the spoke router tunnel interfaces?  And on the hub routers add a delay on the tunnel interfaces for the one i prefer to be the secondary?
  I am looking for confirmation and any other tweaks i need to make. i cant seem to find any examples.
  Thanks in advance!!

  Thanks Paul, I have looked over this design guide as this was the fist place i went.  however, i cannot find a configuration example for dual hub/single cloud.
  i see the high level design and know you can do it.   but it doesnt show what the configuration would look like...unless i am just reading over it.
  Thanks

• Dual hub with one hub :-S

  Hi,i know the title is absurde .
  that is my topology :
  there are two links between router R1 (Hub) and router R4 (ISP) :
  The primary DMVPN cloud should be with the primary link (150.0.0.0/24)
  The secondary DMVPN cloud should be with the secondary link (150.0.1.0/24)
  the HUB must have one tunnel interfaces for each physical interface,so we need two tunnel interfaces .
  If i choose Dual  hub dual dmvpn cloud that mean that  i must have two tunnel interfaces for each spoke.
  If i choose Dual  hub single dmvpn cloud that mean that i must have just one tunnel interface for each spoke.
  the Hub must always use the primary link,to reach spokes1 (we are in the primary DMVPN cloud).
  but if the primary link goes down the second must be used by the hub and we move to the second DMVPN cloud .
  the ISP should use the secondary link only if the primary is down .
  a default route should be configured on the ISP to reach Internet.
  Is this possible (correct) ?,if yes :
  which model is the best : dual hub dual dmvpn cloud or dual hub single dmvpn cloud?
  how can i configure the ISP to use the secondary link only if the primary is down?
  if we have two hubs,how/why  the spokes prefer the primary hub?
  in this situation: how the spokes will prefer the primary DMVPN cloud (the primary Link)?

  You should. Both drives should show up if you press F12 at the ThinkPad POST screen (along with other attached bootable media).
  W520: i7-2720QM, Q2000M at 1080/688/1376, 21GB RAM, 500GB + 750GB HDD, FHD screen
  X61T: L7500, 3GB RAM, 500GB HDD, XGA screen, Ultrabase
  Y3P: 5Y70, 8GB RAM, 256GB SSD, QHD+ screen

• Configuration Dual HUB Dual Dmvpn

  Hi Dears
  i configurate simple  DMVPN on my network. Now i want to configurate Dual HUB Dual DMVPN.
  i can not find any good configuration documentation how config that.
  please provide me a link or any pdf fot configuration DUal HUB Dual Dmvpn .
  thanks.

  Thanks Paul, I have looked over this design guide as this was the fist place i went.  however, i cannot find a configuration example for dual hub/single cloud.
  i see the high level design and know you can do it.   but it doesnt show what the configuration would look like...unless i am just reading over it.
  Thanks

• Dual-DMVPN Design with Dual Hubs on a single router ??

  Hi All,
  In DMVPN, in Dual-DMVPN Design with Dual Hubs , can a single router perform the role of dual hubs.
  The router has two different internet links. It is intended that when one link goes down, spokes shud connect to the same router onto the other active internet connection. Is this possible ?

  Since no one has answered yet, I'll give you the practical answer.
  You'll have issues with IPSec and static routing. "DMVPN" itself probably wouldn't have an issue, but it would depend on IPSec and routing to work.
  It is easier, by far, to put in a second router. And when you factor in your time to try to make it work (and it may not work), the second router is less expensive.
  Rob

• DMVPN Dual Hub

  Hello
  I have one Hub Router 2901 with 2 Internet Provider whichare connected by 2 off. IP`s. If the primary connection goes down the router switch to the second connection on the wan interface. This works perfect.
  Now my problem.
  I have 4 Spoke-Router 881 3G wichshould be connected by DMVPN with the Hub. DMVPN works perfect on the primary connection. If the primary connection goes down and the second (backup) on. DMVPN is down. 
  is ist possible to connect the tunnel interface to 2 adresses? If i insert a 2nd ip nhrp map und ip nhrp multicast i cannnot send any data over the Tunnel.
  thanks for help !!!
  interface Tunnel1
  description DMVPN zu ASCOM-HUB1
  bandwidth 100000
  ip address 10.100.0.1 255.255.255.0
  no ip redirects
  no ip proxy-arp
  ip mtu 1400
  ip authentication mode eigrp 1 md5
  ip authentication key-chain eigrp 1 EIGRP1-key
  ip nhrp authentication NhrP-K3y
  ip nhrp map multicast XXX.XXX.XXX.XXX
  ip nhrp map 10.100.0.250 XXX.XXX.XXX.XXX
  ip nhrp network-id 1
  ip nhrp nhs 10.100.0.250
  ip nhrp registration no-unique
  ip nhrp shortcut
  ip nhrp redirect
  ip virtual-reassembly in
  ip verify unicast reverse-path
  ip tcp adjust-mss 1360
  keepalive 10 3
  tunnel source FastEthernet4
  tunnel mode gre multipoint
  tunnel key 2
  tunnel path-mtu-discovery
  tunnel protection ipsec profile DMVPN

  Hello
  Thanks
  I have 2 differend ISP`s with differend Ip`s.
  So i insert a small photo how it looks like. The orange VPN`s work fine but if the Telekom crash and the hub switch to UPC the DMVPN is not working.
  Here is the config from the hub.
  So is it possible to insert more than one ip nhrp map address?
  Thanks
  interface Tunnel0
  description HUB1-DMVPN
  bandwidth 1000000
  bandwidth inherit
  ip address 10.100.0.250 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip mtu 1400
  ip verify unicast reverse-path
  ip authentication mode eigrp 1 md5
  ip authentication key-chain eigrp 1 EIGRP1-key
  no ip split-horizon eigrp 1
  ip nhrp authentication XXXXXX
  ip nhrp map multicast dynamic
  ip nhrp network-id 1
  ip nhrp holdtime 300
  ip nhrp shortcut
  ip nhrp redirect
  ip virtual-reassembly in
  ip tcp adjust-mss 1360
  delay 10
  keepalive 10 3
  cdp enable
  tunnel source GigabitEthernet0/0
  tunnel mode gre multipoint
  tunnel key 2
  tunnel path-mtu-discovery
  tunnel protection ipsec profile DMVPN

• DMPVN Dual Hub Configuration

  In the DMVPN design guide it is stated that in a dual hub configuration one hub should be set as the primary via EIGRP metrics. Is there a reason for this? Why can't both routes act as successors so that load-balancing can take place. The only thing I can think of is that it could cause problems with spoke-to-spoke communication.
  Can someone shed some light on this?

  In the DMVPN design guide it is stated that in a dual hub configuration one hub should be set as the primary via EIGRP metrics. Is there a reason for this? Why can't both routes act as successors so that load-balancing can take place. The only thing I can think of is that it could cause problems with spoke-to-spoke communication.
  Can someone shed some light on this?

• DMVPN dual hub - qos preclasify limitation

  Hi,
  Reading the DMVPN design guide I found: "qos pre-classify is not supported in an architecture that implements two different headends for mGRE tunnels and VPN tunnels."
  http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008075ea98.pdf
  Currently i am using a single headed DMVPN design with qos preclasify configured on the hub and voice works just perfect. My concern is with regards to implementing  a secondary hub for redundancy. How will the qos be handled if the qos preclasify is not supported?
  Thanks,

  I'm not aware of any limiation if you're using two separate tunnel interfaces (as opposed to two NHRP mappings on a single tunnel interface).
  Nor does:
  http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-2mt/sec-conn-dmvpn-per-tunnel-qos.html#GUID-182BD32F-56D4-479C-BFEF-B9738291E046
  mention any.
  If in doubt, please open a TAC case.

• Dual-DMVPN with Dual Hubs

  Are there any routing issues when using mGRE interfaces on spokes. I need spoke-to-spoke connectivity. Obviously if I opt for p-pGRE interfaces then traffic from spoke-to-spoke will have to go via one of the hubs.
  I understand there was a limitation in IOS whereby mGRE interfaces on spokes prevented it from learning many routes via the hub.
  tia
  Ajaz

  Since no one has answered yet, I'll give you the practical answer.
  You'll have issues with IPSec and static routing. "DMVPN" itself probably wouldn't have an issue, but it would depend on IPSec and routing to work.
  It is easier, by far, to put in a second router. And when you factor in your time to try to make it work (and it may not work), the second router is less expensive.
  Rob

• Dual DMVPN Dual Hub Request for Help?

                     Hello Anyone with DMVPN experience,
                      Can you please have a look at my DMVPN queries in the attached document?
                      Thank you
                      Regards
                      Phuc Le

  Hi Phuc Le,
  I found for you a quite detailed design and implementation guide. Please read carefully and implement a test bed. I'm sure you will get support for specific issues if you run into problems.
  http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPN_2_Phase2.html
  These documents are carefully written and I never encountered any problems with such reference implementations.
  Also: Please don't formulate your questions in an attached document, this makes it diffucult for us to give you answers.
  Best regards, MiKa

• One Image for dual and single processor G5 machines

  I'm working in a lab that has both single and dual processors G5 machines. There is only one image for both machines and I suspect that we have a few bugs with the single processor machines because of this. Has anyone else used one image for both single and dual processors? Have there been problems. I'm wondering if it is necessary to create two separate images.
  mdinger

  There is not difference in the images, but you might have problems with the single G5 machines and 10.4. Did you do the firmware upgrade?
  I have ~10 single G5 and 25 dual D5 machines netinstalled from one image without trouble.
  jotjot

• Dual and Single Channel Mode

  Talking about dual channel and single channel. Is it a theory or is it really a big significant difference in performance between the two? Just curious

  Hi Richard,
  Thanks for the speedy reply. I'll go tinker around a little more and see what I can do with this board
  Benedict.

• Dual vs. single

  I am replacing my trusty G3 with a used G4, but before I make a hasty ebay buy, would it be better to get a 500 or 533 MHZ single processor or dual 450MHZ processors?

  bedpan,
  Visit this site and review options.
  http://www.vaughns-1-pagers.com/computer/mac-g4-models.htm
  Allan J has digested the subject and recommended a digital audio series mac. If you are trying to decide between two systems currently offered on eBay, you will need to make a faster decision than your question implies.
  Are you using software that is rewritten to take advantage of a dual processor mac or do you just like the novelty of having dual processors that may never really get used? An emotional purchase is just as valid either way. Buying a dual mac as a collectors item and using it in the mean time is also valid.
  Jim